In Laravel, should I check for permission in controller if already checking on middleware?
No, you should not make another check, the middleware will do it.
In fact handling authentication and permission handling is one of the most frequent uses for middleware
when you specify this:
Route::patch('company/{id}', ['as' => 'updateCompany', 'uses' => 'SettingsController@updateCompany', 'middleware' => 'permission:manage_company']
You're telling laravel that, when it finds a company/{id}
route, it should trigger the handle
method of the permission:manage_company
middleware, before the request is sent to the SettingsController
So, when the request will get to your controller you're sure that it has satisfied all the middleware it went through